From: "Andy Lutomirski" <luto@kernel.org>
To: "Yu Zhang" <yu.c.zhang@linux.intel.com>,
"David Hildenbrand" <david@redhat.com>
Cc: "Sean Christopherson" <seanjc@google.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Vitaly Kuznetsov" <vkuznets@redhat.com>,
"Wanpeng Li" <wanpengli@tencent.com>,
"Jim Mattson" <jmattson@google.com>,
"Joerg Roedel" <joro@8bytes.org>,
"kvm list" <kvm@vger.kernel.org>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
"Borislav Petkov" <bp@alien8.de>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Joerg Roedel" <jroedel@suse.de>,
"Andi Kleen" <ak@linux.intel.com>,
"David Rientjes" <rientjes@google.com>,
"Vlastimil Babka" <vbabka@suse.cz>,
"Tom Lendacky" <thomas.lendacky@amd.com>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
"Ingo Molnar" <mingo@redhat.com>,
"Varad Gautam" <varad.gautam@suse.com>,
"Dario Faggioli" <dfaggioli@suse.com>,
"the arch/x86 maintainers" <x86@kernel.org>,
linux-mm@kvack.org, linux-coco@lists.linux.dev,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
"Kirill A . Shutemov" <kirill@shutemov.name>,
"Sathyanarayanan Kuppuswamy"
<sathyanarayanan.kuppuswamy@linux.intel.com>,
"Dave Hansen" <dave.hansen@intel.com>
Subject: Re: [RFC] KVM: mm: fd-based approach for supporting KVM guest private memory
Date: Tue, 31 Aug 2021 21:53:27 -0700 [thread overview]
Message-ID: <8f3630ff-bd6d-4d57-8c67-6637ea2c9560@www.fastmail.com> (raw)
In-Reply-To: <20210827023150.jotwvom7mlsawjh4@linux.intel.com>
On Thu, Aug 26, 2021, at 7:31 PM, Yu Zhang wrote:
> On Thu, Aug 26, 2021 at 12:15:48PM +0200, David Hildenbrand wrote:
> Thanks a lot for this summary. A question about the requirement: do we or
> do we not have plan to support assigned device to the protected VM?
>
> If yes. The fd based solution may need change the VFIO interface as well(
> though the fake swap entry solution need mess with VFIO too). Because:
>
> 1> KVM uses VFIO when assigning devices into a VM.
>
> 2> Not knowing which GPA ranges may be used by the VM as DMA buffer, all
> guest pages will have to be mapped in host IOMMU page table to host pages,
> which are pinned during the whole life cycle fo the VM.
>
> 3> IOMMU mapping is done during VM creation time by VFIO and IOMMU driver,
> in vfio_dma_do_map().
>
> 4> However, vfio_dma_do_map() needs the HVA to perform a GUP to get the HPA
> and pin the page.
>
> But if we are using fd based solution, not every GPA can have a HVA, thus
> the current VFIO interface to map and pin the GPA(IOVA) wont work. And I
> doubt if VFIO can be modified to support this easily.
>
>
Do you mean assigning a normal device to a protected VM or a hypothetical protected-MMIO device?
If the former, it should work more or less like with a non-protected VM. mmap the VFIO device, set up a memslot, and use it. I'm not sure whether anyone will actually do this, but it should be possible, at least in principle. Maybe someone will want to assign a NIC to a TDX guest. An NVMe device with the understanding that the guest can't trust it wouldn't be entirely crazy ether.
If the latter, AFAIK there is no spec for how it would work even in principle. Presumably it wouldn't work quite like VFIO -- instead, the kernel could have a protection-virtual-io-fd mechanism, and that fd could be bound to a memslot in whatever way we settle on for binding secure memory to a memslot.
next prev parent reply other threads:[~2021-09-01 4:53 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-24 0:52 [RFC] KVM: mm: fd-based approach for supporting KVM guest private memory Sean Christopherson
2021-08-24 10:48 ` Yu Zhang
2021-08-26 0:35 ` Sean Christopherson
2021-08-26 13:23 ` Yu Zhang
2021-08-26 10:15 ` David Hildenbrand
2021-08-26 17:05 ` Andy Lutomirski
2021-08-26 21:26 ` David Hildenbrand
2021-08-27 18:24 ` Andy Lutomirski
2021-08-27 22:28 ` Sean Christopherson
2021-08-31 19:12 ` David Hildenbrand
2021-08-31 20:45 ` Sean Christopherson
2021-09-01 7:51 ` David Hildenbrand
2021-08-27 2:31 ` Yu Zhang
2021-08-31 19:08 ` David Hildenbrand
2021-08-31 20:01 ` Andi Kleen
2021-08-31 20:15 ` David Hildenbrand
2021-08-31 20:39 ` Andi Kleen
2021-09-01 3:34 ` Yu Zhang
2021-09-01 4:53 ` Andy Lutomirski [this message]
2021-09-01 7:12 ` Tian, Kevin
2021-09-01 10:24 ` Yu Zhang
2021-09-01 16:07 ` Andy Lutomirski
2021-09-01 16:27 ` David Hildenbrand
2021-09-02 8:34 ` Yu Zhang
2021-09-02 8:44 ` David Hildenbrand
2021-09-02 11:02 ` Yu Zhang
2021-09-02 8:19 ` Yu Zhang
2021-09-02 18:41 ` Andy Lutomirski
2021-09-07 1:33 ` Yan Zhao
2021-09-02 9:27 ` Joerg Roedel
2021-09-02 18:41 ` Andy Lutomirski
2021-09-02 18:57 ` Sean Christopherson
2021-09-02 19:07 ` Dave Hansen
2021-09-02 20:42 ` Andy Lutomirski
2021-08-27 22:18 ` Sean Christopherson
2021-08-31 19:07 ` David Hildenbrand
2021-08-31 21:54 ` Sean Christopherson
2021-09-01 8:09 ` David Hildenbrand
2021-09-01 15:54 ` Andy Lutomirski
2021-09-01 16:16 ` David Hildenbrand
2021-09-01 17:09 ` Andy Lutomirski
2021-09-01 16:18 ` James Bottomley
2021-09-01 16:22 ` David Hildenbrand
2021-09-01 16:31 ` James Bottomley
2021-09-01 16:37 ` David Hildenbrand
2021-09-01 16:45 ` James Bottomley
2021-09-01 17:08 ` David Hildenbrand
2021-09-01 17:50 ` Sean Christopherson
2021-09-01 17:53 ` David Hildenbrand
2021-09-01 17:08 ` Andy Lutomirski
2021-09-01 17:13 ` James Bottomley
2021-09-02 10:18 ` Joerg Roedel
2021-09-01 18:24 ` Andy Lutomirski
2021-09-01 19:26 ` Dave Hansen
2021-09-07 15:00 ` Tom Lendacky
2021-09-01 4:58 ` Andy Lutomirski
2021-09-01 7:49 ` David Hildenbrand
2021-09-02 18:47 ` Kirill A. Shutemov
2021-09-02 20:33 ` Sean Christopherson
2021-09-03 19:14 ` Kirill A. Shutemov
2021-09-03 19:15 ` Andy Lutomirski
2021-09-10 17:18 ` Kirill A. Shutemov
2021-09-15 19:58 ` Chao Peng
2021-09-15 13:51 ` David Hildenbrand
2021-09-15 14:29 ` Kirill A. Shutemov
2021-09-15 14:59 ` David Hildenbrand
2021-09-15 15:35 ` David Hildenbrand
2021-09-15 20:04 ` Kirill A. Shutemov
2021-09-15 14:11 ` Kirill A. Shutemov
2021-09-16 7:36 ` Chao Peng
2021-09-16 9:24 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8f3630ff-bd6d-4d57-8c67-6637ea2c9560@www.fastmail.com \
--to=luto@kernel.org \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=david@redhat.com \
--cc=dfaggioli@suse.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=jroedel@suse.de \
--cc=kirill.shutemov@linux.intel.com \
--cc=kirill@shutemov.name \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rientjes@google.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=varad.gautam@suse.com \
--cc=vbabka@suse.cz \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
--cc=yu.c.zhang@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).